vBulletin 5 Connect Security Patches Released (All versions)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73981

    vBulletin 5 Connect Security Patches Released (All versions)

    A data integrity exploit has been discovered in vBulletin 5. This exploit was discovered by our Quality Assurance team. The issue affects all versions of vBulletin 5 Connect, including 5.0.0, 5.0.1, 5.0.2, 5.0.3, and 5.0.4. We have released security patches for all versions and they are available immediately. It is recommended that you upload the patches to your server immediately.

    If you're not currently using vBulletin 5.0.4, we would recommend that you upgrade to this version with the included patch. This will provide the best possible vBulletin 5 Connect experience for you and your users. If there is some reason that you cannot upgrade, a patch has been provided for your version.

    You can download the patch for your version here: http://members.vbulletin.com/patches.php

    Please install the patch immediately.
    1. Download the patch from https://members.vbulletin.com/patches.php.
    2. Extract the vBulletin patches files from the Zip file.
    3. Upload the patch files to your server, overwriting the old files.
    For additional instructions please see the online documentation at: http://www.vbulletin.com/docs/html/upgrade_patch_level

    Frequently Asked Questions:
    Q) To install this patch, do I need to run the upgrade scripts?
    A) No, that is only necessary if performing a full upgrade to 5.0.4.

    Q) I am running beta still, can I use these patches?
    A) No, you need to upgrade to vBulletin 5.0.4 as soon as possible.

    Q) The version on the front-end has not been updated after applying the patch.
    A) This is intentional.

    Q) Suspect File Versions reports some files as not containing expected contents.
    A) This is to be expected as you uploaded new files with different content.

    Q) Can you tell me the exact details of this issue?
    A) We do not disclose that information to protect our customers.

    Q) What versions does this affect?
    A) All released versions of vBulletin 5 Connect including 5.0.0, 5.0.1, 5.0.2, 5.0.3 and 5.0.4

    Q) Is this related to the previous announcement about the install directory.
    A) No, it is a different issue found by QA during regular testing. You still need to delete your install directory after any installations or upgrades.
    Last edited by Wayne Luke; Thu 5 Sep '13, 4:35pm.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...